chore(deps): bump regex from 1.11.2 to 1.12.1#24
Closed
dependabot[bot] wants to merge 2 commits intomainfrom
Closed
chore(deps): bump regex from 1.11.2 to 1.12.1#24dependabot[bot] wants to merge 2 commits intomainfrom
dependabot[bot] wants to merge 2 commits intomainfrom
Conversation
Bumps [regex](https://github.com/rust-lang/regex) from 1.11.2 to 1.12.1. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](rust-lang/regex@1.11.2...1.12.1) --- updated-dependencies: - dependency-name: regex dependency-version: 1.12.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Contributor
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Contributor
Author
|
A newer version of regex exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged. |
26 tasks
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the regex dependency from version 1.11.2 to 1.12.1, incorporating bug fixes and a new API for capturing matches. The update includes corresponding changes to transitive dependencies regex-automata and regex-syntax.
- Updates
regexversion constraint from1.11to1.12in workspace dependencies - Updates locked version from
1.11.2to1.12.1with corresponding checksum updates - Introduces
regex-automata 0.1.10as a new transitive dependency alongside the existing0.4.12version
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| Cargo.toml | Updates regex version constraint from 1.11 to 1.12 in workspace dependencies |
| Cargo.lock | Updates regex to 1.12.1, regex-automata to 0.4.12, adds regex-automata 0.1.10 entry, and updates related checksums and dependency references |
doublegate
added a commit
that referenced
this pull request
Jan 10, 2026
This PR consolidates updates from multiple open dependency PRs: ## Cargo Dependency Updates Applied: - criterion: 0.5.1 -> 0.8.1 (major version, benchmark framework) - ratatui: 0.29.0 -> 0.30.0 (TUI framework with breaking changes) - serde_json: 1.0.145 -> 1.0.148 - rustls-pki-types: 1.0 -> 1.13.2 - tracing: 0.1.43 -> 0.1.44 - tracing-subscriber: 0.3.20 -> 0.3.22 - clap: 4.5.48 -> 4.5.53 - open: 5.0 -> 5.3.3 - regex: 1.12 -> 1.12.1 ## GitHub Actions Updates Applied: - actions/cache: v4 -> v5 - actions/upload-artifact: v5 -> v6 - actions/download-artifact: v6 -> v7 ## Breaking Changes Resolved: - ratatui 0.30: Added `clear_region` method and `Error` type to Backend trait - Fixed clippy warnings in auth.rs (Zeroize derive pattern) - Fixed clippy unnecessary_unwrap in GUI button component ## Excluded from Consolidation: - iced 0.14.0 (PR #45): Extensive breaking changes requiring major GUI refactor - Would require changes to: scrollable API, application API, Style structs, text_input::Status enum, spacing types, and more - Recommended as separate PR for dedicated migration effort ## PRs Already Merged (content in main): - PR #27, #32: Phase 4 scripting documentation already present ## Verification: - Zero compilation errors - Zero clippy warnings (with -D warnings) - 60 unit tests passing - 49 doctests passing - Release build successful Closes #24, #46, #47, #48, #49, #50, #51, #52, #53, #54, #55, #56 Related: #27, #32 (already merged) Excluded: #45 (iced 0.14.0 - breaking changes too extensive) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
doublegate
added a commit
that referenced
this pull request
Jan 10, 2026
…ity fix (#64) * chore(deps): Consolidate dependency updates and GitHub Actions upgrades This PR consolidates updates from multiple open dependency PRs: ## Cargo Dependency Updates Applied: - criterion: 0.5.1 -> 0.8.1 (major version, benchmark framework) - ratatui: 0.29.0 -> 0.30.0 (TUI framework with breaking changes) - serde_json: 1.0.145 -> 1.0.148 - rustls-pki-types: 1.0 -> 1.13.2 - tracing: 0.1.43 -> 0.1.44 - tracing-subscriber: 0.3.20 -> 0.3.22 - clap: 4.5.48 -> 4.5.53 - open: 5.0 -> 5.3.3 - regex: 1.12 -> 1.12.1 ## GitHub Actions Updates Applied: - actions/cache: v4 -> v5 - actions/upload-artifact: v5 -> v6 - actions/download-artifact: v6 -> v7 ## Breaking Changes Resolved: - ratatui 0.30: Added `clear_region` method and `Error` type to Backend trait - Fixed clippy warnings in auth.rs (Zeroize derive pattern) - Fixed clippy unnecessary_unwrap in GUI button component ## Excluded from Consolidation: - iced 0.14.0 (PR #45): Extensive breaking changes requiring major GUI refactor - Would require changes to: scrollable API, application API, Style structs, text_input::Status enum, spacing types, and more - Recommended as separate PR for dedicated migration effort ## PRs Already Merged (content in main): - PR #27, #32: Phase 4 scripting documentation already present ## Verification: - Zero compilation errors - Zero clippy warnings (with -D warnings) - 60 unit tests passing - 49 doctests passing - Release build successful Closes #24, #46, #47, #48, #49, #50, #51, #52, #53, #54, #55, #56 Related: #27, #32 (already merged) Excluded: #45 (iced 0.14.0 - breaking changes too extensive) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor(auth): Replace module-level lint suppression with field-level attributes and add zeroization tests (#60) * Initial plan * refactor(auth): Move lint suppression from module-level to field-level for targeted scope Co-authored-by: doublegate <6858123+doublegate@users.noreply.github.com> * test(auth): Add comprehensive zeroization test coverage for security-critical fields Co-authored-by: doublegate <6858123+doublegate@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: doublegate <6858123+doublegate@users.noreply.github.com> * fix(ci): Resolve all failing CI checks for PR #59 - Fix auth.rs formatting: Remove trailing whitespace and format unsafe blocks properly according to rustfmt rules - Fix dependency-review-config.yml: Remove conflicting deny-licenses (cannot have both allow-licenses and deny-licenses), use proper purl format for package specifications (pkg:cargo/package-name) - Fix Windows cargo-nextest timeout: Replace cargo install with taiki-e/install-action pre-built binaries to avoid 10+ minute compilation time that caused timeouts Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): Expand allowed licenses for Dependency Review check Add comprehensive license list for Rust ecosystem compatibility: - Unicode licenses: Unicode-DFS-2016, Unicode-3.0 - Compression: Zlib, zlib-acknowledgement - Mozilla: MPL-2.0 - Boost: BSL-1.0 - LLVM: Apache-2.0 WITH LLVM-exception - OpenSSL, BlueOak-1.0.0, CC-BY-3.0/4.0, WTFPL, Ring, MIT-0, NCSA Add package allowlist for crates with special license definitions: - Unicode crates (unicode-ident, unicode-normalization, etc.) - Cryptography crates (ring, webpki, rustls-webpki) - OpenSSL bindings - lab crate (low OpenSSF scorecard but essential) Remove openssl-sys from deny-packages list. Fixes Dependency Review check failure on PR #59. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): Remove invalid 'Ring' from allow-licenses list Ring is not a valid SPDX license identifier. The ring crate uses ISC license, which is already in the allow list. The ring package is also in the allow-dependencies-licenses list to ensure it passes checks. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): add unicode-properties to allow-dependencies-licenses The unicode-properties@0.1.4 crate uses "MIT/Apache-2.0" as its license string, which is not valid SPDX format (should be "MIT OR Apache-2.0"). GitHub's dependency-review-action cannot validate non-SPDX license strings. Adding the package to allow-dependencies-licenses bypasses the SPDX validation while still allowing the dependency since both MIT and Apache-2.0 are approved licenses. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(security): Patch RUSTSEC-2026-0002 lru soundness vulnerability Apply security fix for vulnerable lru 0.12.5 in iced_glyphon dependency. Security Fix Applied: - Vendor patched iced_glyphon 0.6.0 with lru updated to 0.16.3 - Add Cargo patch to use vendored version - Resolves RUSTSEC-2026-0002 (IterMut violating Stacked Borrows) Dependency Chain Fixed: rustirc -> rustirc-gui -> iced 0.13.1 -> iced_wgpu -> iced_glyphon -> lru Code Quality Improvements: - Add Default derive to PluginCapabilities (clippy::derivable_impls) - Add dead_code allows for reserved Phase 4+ fields in ScriptApi Related to PR #45 (iced 0.14.0). Full iced migration deferred as it requires 82+ breaking API changes - recommended for separate PR. PRs #27, #32 superseded - Phase 4 documentation already in main branch. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: doublegate <6858123+doublegate@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps regex from 1.11.2 to 1.12.1.
Changelog
Sourced from regex's changelog.
Commits
27d6d651.12.185398adchangelog: 1.12.1764efbdapi: tweak the lifetime ofCaptures::get_matchee6aa55rure-0.2.442076c61.12.0aef2153deps: bump to regex-automata 0.4.12459dbberegex-automata-0.4.12610bf2dregex-syntax-0.8.77dbb384changelog: 1.12.0bd345d7automata: fix broken universal start states with sparse DFAYou can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Note
Update
regexto 1.12 (lockfile to 1.12.1) and refresh related transitive dependencies.regexinCargo.tomlfrom1.11to1.12.Cargo.lock:regex→1.12.1.regex-automata→0.4.12(plus legacy0.1.10entry),regex-syntaxupdates.Written by Cursor Bugbot for commit 4c08003. This will update automatically on new commits. Configure here.